Security Audit Skill
Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.
What This Skill Does
- Conducts security code reviews
- Identifies vulnerabilities (CVSS scoring)
- Performs OWASP Top 10 assessments
- Audits authentication/authorization
- Reviews data protection controls
- Analyzes dependency vulnerabilities
- Creates remediation roadmaps
When to Use
- Security reviews before release
- Compliance audits
- Penetration test preparation
- Incident response analysis
- Dependency vulnerability assessment
Reference Files
- references/SECURITY_AUDIT.template.md - Comprehensive security audit report format
- references/owasp_checklist.md - OWASP Top 10 checklist with CVSS scoring and CWE references
Workflow
- Define scope and methodology
- Perform static/dynamic analysis
- Document findings by severity
- Map to OWASP categories
- Create remediation roadmap
- Verify fixes
Output Format
Security findings should include:
- Severity (Critical/High/Medium/Low)
- CVSS score and vector
- CWE classification
- Proof of concept
- Remediation steps